[ https://issues.apache.org/jira/browse/RANGER-5072?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Abhishek Kumar updated RANGER-5072: ----------------------------------- Fix Version/s: 2.6.0 > Bump org.apache.avro:avro from 1.11.3 to 1.11.4 > ----------------------------------------------- > > Key: RANGER-5072 > URL: https://issues.apache.org/jira/browse/RANGER-5072 > Project: Ranger > Issue Type: Improvement > Components: plugins > Affects Versions: 2.5.0 > Reporter: Basapuram Kumar > Assignee: Basapuram Kumar > Priority: Major > Fix For: 2.6.0 > > Time Spent: 20m > Remaining Estimate: 0h > > [CVE-2024-47561|https://nvd.nist.gov/vuln/detail/cve-2024-47561] > +Description of CVE+ > Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions > allows bad actors to execute arbitrary code. Users are recommended to upgrade > to version 1.11.4 or 1.12.0, which fix this issue. > > To address the > [CVE-2024-47561|https://nvd.nist.gov/vuln/detail/cve-2024-47561] , suggesting > to bump-up from 1.11.3 to 1.11.4 -- This message was sent by Atlassian Jira (v8.20.10#820010)